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A method of carrying out an authentication check between a base stetion and a mobile station in a 
mobile radio system. 



@ A method for carrying out an authentication check in a mobile telephone system in which an 
authentic base station (BS) serves a plurality of mobile stations (MSI-MSn). it is earlier known to canry 
out a unklirectionai check from the t^ase station (BS) to a catting nrK>bite statk)n (MSk). A false base 
station (BSf) is able, in this way, to carry out a false authenticatk>n check, by collecting a number of 
8o-catted RAND-Response pairs. In order to avoid this, there is introduced a further unklirectbnal 
authentication check, base statton-mobile station, and also an authentication check from the nrK>bile 
station to the base station. According to one embodiment of the method, the unidirectionat check is 
excluded and only the bidirectional authentication check is carried out. 
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A CflETHOD OF CARRYING OUT AW AUTHENTICATIOM CHECK BETWEEW A BASE STATION AND A 

[IQOBILE STATION IN A fiflOBILE RADIO SYSTEM 



TECHNICAL FIELD 

The present Invention relates to a method of car- 
rying out an authentication check between a base sta- 
tion and a mobile station in a mobile radio system, 
particularly in a cellular mobile telephone system. The 
proposed method can also be applied with other 
mobile radio systems, for instance paging systems. 

BACKGROUND ART 

In the case of a cellular mobile telephone system 
for instance, an authentication check is carried out 
before a call is set up between the mobile and the 
base station. The base station asks for Information 
concerning the nfK)biIe, with respect to its identity, by 
ordering the mobile to send an identification number. 
The mobile is therewith forced to reveal its identity to 
the base statron, so that the base station will know that 
the mobile is authorized to send a call over the system 
and so that the base station and also the exchange 
will know which nrabile shall be charged for the call 
subsequently set up. 

On the other hand, the mobile station must be cer- 
tain that It communicates with the authentic base sta- 
tion, i.e. with a base statton which is truly authorized 
to put connect a call when the mobile is the calling 
party (the mobile is an A-subscriber), and that the 
mobile station will be charged correctiy for the call. 

For the purpose of performing an authentication 
check, it is earlier known to form authentication sig- 
nals. ''Resp°-signals, in the base station and the 
mobile station. A random number (RAND) is sent from 
the base to niobiles within the area covered by the 
base station. The calling nnobile answers with a given 
signal (Resp 1). In a similar manner, the base station 
forms the same signal Resp 1 from the random nunrv 
ber and the identity of the calling mobile. 

These signals normally coincide and the base 
station orders the mobile to a speech channel. 

DISCLOSURE OF THE INVENTION 

Thus, In the aforesaid known method of carrying 
out authenticatk>n checks, there is formed a RAND- 
Response pair for a given mobile station, Le. a given 
Response signal is forrrted in the nxtbile for a given 
received random numt>er RAND, and a base station 
can thus receive a number of such response signals 
for a number of different random numbers. This 
means that it is possible to establish a "false'' base 
station which is able to transmit a number of mutually 
different random numbers and receives a correspond- 
ing (different) number of Response signals. The false 



base station Is therewith able to create a nrK>bile sut>- 
scription which is not authorized to send calls over the 
system. This drawback or deficiency of the known 
autiientication check Is due to the fact that the check 

5 is uni-directional, namely It is only the base station 
which requires the response signal In proof of the 
authentication of the mobile. 

According to the present method, the authenti- 
cation check is bi-directional, i.e. It is not only the base 

10 station which requires the identity of the mobile, but 
that the mobile also requires the identity of the base 
station. 

The object of the present invention is thus to pro- 
vide an improved authentication check method which 
15 renders impossible manipulatton by a false base sta- 
tion with the Intention of obtaining access to the 
authentication code of the mobile telephone system. 

The inventive method is characterized by the 
steps set forth in the characterizing clause of Claim 1. 
20 Further developments of the proposed method are set 
forth in depending Claims 2-3. 

BRIEF DESCRIPTION OF THE DRAWINGS 

25 The invention will now be described in more detail 

with reference to the accompanying drawings. In 
which 

Figure 1 illustrates schematically communication 
between two base stations and a plurality of 

30 mobile stations; 

Figure 2 Is a flow sheet which illustrates one 
emt>odiment of the proposed method; 
Figure 3 Is a block schematic of the input and out- 
put magnitudes of an authenticity algorithm incor- 

35 porated in a nrKsbiie station; and 

Figure 4 is a flow sheet which illustrates another 
emt>odiment of the proposed method. 

BEST MODE OF CARRYING OUT THE 
40 INVENTION 

Figure 1 illustrates an authentic base station BS 
which listens by transmitting random numbers to a 
plurality of mobiles MS1-MSn over a given control 
45 channel. Of these mobiles, a response is received 
from a nrK>bile MSk which indicates that it wishes to 
establish a call over a given speech channel. As des- 
cribed afcK>v®, a unidirectional authentication check is 
carried out, where the base station requires a ros- 
so ponse Resp 1 from the mobile MSk. This will be des- 
cribed t>elow in rmre detail with reference to Figure 2. 
Since the connection is unidirectional during this 
stage, a falsa base statk>n BSF is able to obtain a res- 
ponse from a number of mobiles when transmitting 
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the aforesaid random number RAND, in the aforesaid 
manner. The base station BSF is therewith able to 
create a bank of RAND-Response replies, which can 
then be utilized in an unauthorized manner by a 
mobile station. 

In order to make this impossible, there Is propos- 
ed in accordance with the Invention an authentication 
method disclosed In the flow chart of Figure 2. 

An authentic base station BS listens to a number 
of mobiles MS1-MSn within the area covered by said 
base station, by transmitting a random number 
RAND, block 1. 

A given mobile station MSk wishing to establish 
a call, answers with a signal Resp 1 , block 2. This sig- 
nal is formed In the microprocessor of the mobile from 
a numt>er of input data PIN, ESN and DN, In addition 
to the random number RAND received, see Figure 3, 
where PIN represents the personal identification nunr>- 
berof the mobile, ESN represents the electronic serial 
number of the nnobile, and DN represents the number 
dialled. The nDObile station MSk is therewith an A- 
subscriber. The microprocessor 13 then delivers the 
Resp 1 signal, which consists of an 18-bit AUTH-sig- 
nai and an 8-bit RANDC-signal, which is sent to the 
base station. 

The base station calculates Resp 1 In a corre- 
sponding manner, block 3, from the Incoming signals 
AUTH and RANDC and makes a comparison with the 
value of the Resp-signal calculated and transmitted 
by the mobile, block 4. When these coinckle, the base 
station ordere the nrwblle to a given, allocated speech 
channel, block 5, and the connection is established in 
a known manner, block 6. The aforedescribed method 
is previously known. 

According to the proposed method, the base sta- 
tion now forms a response signal Resp 2 from a 
further random number RAND 2 and from the per- 
sonal identlflcatbn number PIN of the mobile, this 
number being known in the base station (blocks 2, 3). 
Both Resp 2 and RAND 2 are sent to the mobile, block 

7. The mobile statk>n forms a value of Resp 2 from Its 
PIN and the received random number RAND 2, block 

8. A comparison is now made in the mobile, block 9, 
between the received Resp 2 and the formed value of 
Resp 2. If these two values coinckJe, the mobile forms 
a value Resp 3 and sends this value to the base sta- 
tion, block 1 0. Resp 3 is formed from RAND 2 and PIN 
in the mobile. The base statk>n fonms Resp 3 in a simi- 
lar manner from RAND 2 and PIN, which are known 
in the base station, block 11. A comparison is then 
made, block 12, between the received and fonmed 
values of Resp 3. If the values coincide, connection 
of the call continues to establish a speech connection. 

The method steps according to block 7, 8 and 9 
provide an authentication check in which the mobile 
decides whether or not the base station is authentk:, 
since verification of the signal Resp 2 sent from the 
base station takes place in the mobile, and against a 



value Resp 2 calculated In said nrK}blle. The signal 
Resp 2 from the base station can therefore be taken 
as a response signal from said station .The aforedes- 
cribed method constitutes the main difference be- 

5 tween the proposed method and the known method 
according to blocks 2. 3 and 4. 

The check carried out in accordance with blocks 
10, 11 and 12 constitutes substantially a repetition of 
the method according to blocks 2, 3 and 4, I.e. a check 

10 from the base station that the mobile is authentic. 

An essential dtfference in relation to the known 
authenticity method (blocks 1-4) Is that the mobile 
also requires a response Resp 2 from the base station 
and verifies this response in accordance with blocks 

IS 7-9. A false base station must therefore know exactly 
how this response signal shall be calculated. The 
check Is therewith bidirectional. 

The authentication check according to blocks 2, 
3 and 4 can be carried out on a general control chan- 

20 nel in the mobile radio system, and the authentication 
check according to blocks 7-12 can be can-led out on 
the speech channel established between the base 
station BS and the mobile MSk (blocks 5 and 6). 
Figure 4 is a block diagram illustrating the first 

25 method steps in the case when solely a bkJirectional 
authentication check is carried out. In this case, the 
steps according to blocks 1-3 replace the steps 
according to blocks 1-6 in Figure 2. In this case, no 
unidirectk)nal (and known) authenticatk>n check is 

30 carried out prior to the bidirectional check. A calling 
mobile, for instance MSk, asks for a connectk>n from 
the base station BS. When receiving this call request, 
the base station BS looks for a free speech channel 
and orders the mobile MSk to this free channel. In this 

35 way, a free connection is estak}lished over the speech 
channel without carrying out an authentication check. 
The actual authentication check is then carried out in 
the manner aforedescribed with reference to blocks 7- 
12 of Figure 2. i.e. only a bidirectbnal authentication 

40 check is carried out 



Claims 

45 1 . A method for carrying out an authentication check 
between a base station (BS) and a mobile station 
(MSk) in a mobile radio system. In which prior to 
establishing a connection, the base station sends 
a question concerning the authenticatk>n of the 

so mobile and orders the nrioblle to send a firet res- 

ponse signal (Resp 1) which is used In the base 
station to establish the authenticatk>n of the 
mobile, characterized in that subsequent to 
establishing the authentication of the mobile (2, 3, 

55 4) in the base station, there is sent from the base 

station a second response signal (Resp 2) to the 
mobile, which therewith forms (8) a correspond- 
ing second response signal (Resp 2) in order to 
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establish (9) the authentication of the base station 
and, when this authentication is established, the 
mobile sends a third response signal (Resp 3) 
and establishes the authentication of the mobile 
prior to the connection being established. s 

2. A method according to Claim 1 , characterized in 
that said second response signal (Resp 2) is for- 
med from a random number (RAND 2) produced 

in the base station and from the identification io 
number (PiN) of the mobile, and in that the 
authentication of the base station is established 
by comparing (9) said second response signal 
with a signal produced in the mobile In depen- 
dence on the received random number (RAND 2) is 
and the identification number (PIN) available In 
the mobile. 

3. A method according to Claim 2, characterized in 

that said third response signal (Resp 3) sent to 20 
the base station is formed from said random num- 
t>er (RAND 2) and from the Identification number 
(PIN) of said mobile, in that said signal is sent to 
the base station; and in that said base station 
forms a corresponding signal in a similar manner 25 
from said random number (RAND 2) and the Iden- 
tification number (PIN) of the mobile available in 
said base station; and in that a comparison (12) 
is made in the base station between the fonmed 
signal and the sent signal such that when agree- 30 
ment is found between said signals, a speech 
connection can be established. 



received random number (RAND 2) and the iden- 
tification number (PIN) accessible in the nrK)bile. 

6. A method according to Claim 4, characterized in 
that said second response signal (Resp 3) sent to 
the base station is formed from said random num- 
ber (RAND 2) and from the identification number 
(PIN) of the mobile, said signal being sent to the 
base station, and in that the base station forms a 
conesponding signal in a similar manner from 
said random number (RAND 2) and from the iden- 
tification number (PIN) of the mobile available in 
the base station; and in that a comparison (12) is 
carried out in the base station between the signal 
formed by said base station and the signal 
received by said station and a speech connection 
is established when these signals coincide. 



4. A method of carrying out an authentication check 
between a base station (BS) and a nriobile station 35 
(MSk) in a nwbile radio system subsequent to the 
mobile station having asked for and being assig- 
ned a connection over a given channel, charac- 
terized by foming in the base station (BS) a first 
response signal (Resp 2), sending said first res- 40 
ponse signal to the mobile (MSk) which therewith 
fonms a corresponding response signal (Resp 2) 

for the purpose of verifying the authentication of 
the base statk)n and, subsequent to establishing 
such authent'(catk>n, the mobile sends a second 4S 
response signal (Resp 3) to the base station, 
which forms a corresponding response signal and 
establishes the authentication of the mobile prk>r 
to establishing a connection. 

so 

5. A method according to Claim 4, characterized in 
that said first response signal (Resp 2) is fonned 
from a random number (RAND 2) produced in the 
base station and from the klenttfication number 
(PIN) of the nrabile, and in that the authentication 55 
of the base station is established by comparing 

(9) said first response signal with a signal pro- 
duced in the mobile and contingent on the 
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